www.ijmer.com
International Journal of Modern Engineering Research (IJMER) Vol. 3, Issue. 5, Sep - Oct. 2013 pp-2695-2697 ISSN: 2249-6645
A Novel Framework for Securing Medical Records in Cloud Computing Md. Irfan1, Sayeed Yasin2 1
M. Tech, Nimra College of Engineering & Technology, Vijayawada, A.P., India. Asst. Professor, Dept.of CSE, Nimra College of Engineering & Technology, Vijayawada, A.P., India.
2
ABSTRACT: The patient health records are maintained in a data server under the cloud computing environment. A novel framework of secure sharing of personal health records (PHRs) under distributed environment in the cloud computing has been proposed in this paper .Public and personal access models are designed with privacy and security enabled mechanism. This framework addresses the unique challenges brought by multiple medical records owners and users, in that the complexity of key management is greatly reduced while guaranteeing the privacy compared with previous works. The attribute-based encryption (ABE) model is enhanced to support distributed ABE operations with MA-ABE. The system is improved to support the dynamic policy management model. Thus, PHRs are maintained with security and privacy. It is a server choice based security model and possess the central key management with attribute authorities.
Keywords: Cloud computing, Data privacy, Encryption, PHR. I.
INTRODUCTION
Cloud computing is an emerging computing technology where applications and all the services are provided through Internet. It is a model for enabling on-demand network access to various pool resources. Cloud computing can be considered as a computing framework with greater flexibility and availability at lower cost [1]. Because of these characteristics, cloud environment has been receiving a great nowadays. Cloud computing environment services benefit from economies of scale achieved through versatile use of resources, specialization, and other efficiencies. The Internet has grown into a world of its own, and its large space now offers capabilities that could support Physicians in their duties in numerous ways. Nowadays software functions have moved from the individual user’s local hardware to a central server that operates from a remote location. In recent years, is an emerging trend and medical records is a patient-centric model of health information exchange and management. A health record is an electronic record of an individual user’s health information by which the individual controls access to the information and may have the ability to manage, track, and participate in her own health care. Generally, medical record service allows a user to create, manage, and control her personal health data in one place through the web, which has made the storage, retrieval, and sharing of the medical information more efficient. The general principles of the security rule include that a covered entity must maintain both “reasonable and appropriate” administrative, technical, and physical safeguards to protect Electronic Personal Health Information, e-PHI [2], which include requirements to ensure integrity, confidentiality and availability of information; anticipation and protection against possible vulnerabilities to the privacy of the information or against inappropriate use; and compliance by the entity’s workforce. Generally information is recorded on secured systems, hard drives, backups, flash drives, shared folders, professional networks etc. As health care professionals, physicians know that ensuring the accuracy of secret information involves more technical approaches, to avoid the security pitfalls. Privacy laws that speak to the protection of patients secrecy are complex and often difficult to understand in the context of an ever-growing cloud-based technology[3]. Due to the high cost of building and maintaining specialized data centers, many medical record services are outsourced to or provided by third-party service providers, for example, Samedi, Microsoft HealthVault and Medicine Brain. While it is exciting to have convenient medical record services for everyone, there are many security and privacy risks which could impede its wide adoption[4].
II.
RELATED WORK
For access control of the outsourced data, partially trusted servers are often assumed. With cryptographic methods, the aim is trying to enforce who has (read) access to which parts of a patient’s PHR documents in a fine-grained way. Symmetric key methods are a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical to each other or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret key between two or more parties that can be used to maintain a private information link. In [5], the authors proposed a solution for securing outsourced data on semi-trusted servers based on symmetric key derivation methods, which can achieve fine-grained access control. Unfortunately, the complexities of file creation and user grant or revocation operations are linear to the number of authorized users, which is less scalable. Public key cryptosystems(PKC) based solutions were proposed due to its ability to separate write and read privileges. To realize fine-grained access control, the traditional public key encryption (PKE) based methods proposed by the authors in [6] in their work “Patient controlled encryption: ensuring privacy of electronic medical records, they purpose the solution scenario and shows how both public and symmetric based encryption used. The disadvantage of their solution is either incurs high key management overhead, or require encrypting multiple copies of a file using different users’ keys. www.ijmer.com 2695 | Page